Finishing Configuration of Access Server
Now that you’ve installed OpenVPN Access Server, this documentation outlines next steps.
Find the URLs for your web server
When you complete the installation process on the command line, you will find the URLs for your admin UI and client UI as well as the username and randomly generated password for the admin account.
+++++++++++++++++++++++++++++++++++++++++++++++ Access Server 2.10.0 has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Access Server Web UIs are available here: Admin UI: https://192.168.102.130:943/admin Client UI: https://192.168.102.130.943 Login as "openvpn" with "RR4ImyhwbFFq" to continue (password can be changed on Admin UI) +++++++++++++++++++++++++++++++++++++++++++++++
The Admin UI is the web-based GUI for managing your OpenVPN Access Server. We also refer to it as the Admin Web UI. Typically, it is the address of your server with /admin/ appended, for example https://192.168.70.222/admin/.
When you sign in to the Admin Web UI, you can manage the configuration, certificate, users, and so on as an administrative user. The web-based GUI provides simplified management of complex VPN features rather than having to run Linux-based commands and scripts.
The Client UI is the web-based GUI where users sign in and download clients or configuration files. Typically, it is the address of your server, https://192.168.70.222 as an example.
When a user signs in here with the credentials as set up in the Admin Web UI, they can download pre-configured Connect clients for Windows and macOS. There are also links to the Linux, Android, and iOS client programs. You can also find a configuration profile to import into an already installed client.
Note: The web services by default run on port TCP 943, so you can visit them at https://192.168.70.222:943/ and https://192.168.70.222:943/admin/ as well. The OpenVPN TCP daemon that runs on TCP port 443 redirects incoming browser requests so that it is slightly easier for users to open the web interface by leaving the :943 part out.
First time logging into Admin Web UI
For the first use of the Admin Web UI, sign in with the openvpn user created during setup. The user’s password is randomly generated and displays in the output at the completion of setup.
On OpenVPN Access Server 2.9 and older, you must manually set the password for the openvpn user with this command:
You can now open a browser and enter your Admin Web UI address.
OpenVPN Access Server’s web interface comes with a self-signed certificate. This allows you to sign in to the Admin Web UI right away. Since it’s self-signed, it triggers an expected warning. We recommend adding your own SSL certificate in the Admin Web UI to resolve this.
By clicking through to continue to the site, you can continue to the web interface. At the login screen, you can enter the username and password for your ‘openvpn’ user.
Setting up authentication
Authentication with Local, RADIUS, LDAP, SAML, or PAM
OpenVPN Access Server supports local authentication where you configure users in the Admin Web UI. You can also use an external authentication system with PAM, RADIUS, LDAP, or SAML.
The default is local authentication where Access Server manages your credentials. Under User Management, you can add users and define their permissions at the user, group, and global level. You can also integrate with an external authentication system using PAM, RADIUS, LDAP, or SAML. For example, you can set up a connection to an LDAP connector to integrate with Windows Server Active Directory.
OpenVPN Access Server 2.10 and newer supports using multiple authentication systems simultaneously. Refer to OpenVPN Access Server’s User Authentication System for more information.
For more information about configuring specific functions, you might find some of these links helpful: